On some sites I see a lot of "Connection from.." entries that never complete.
This is probably because the page requests resources from SSL-protected domains. These requests are intercepted by mitmproxy, but because we're using a bogus certificate, the browser-side of the connection hangs. The browser doesn't prompt you to add a certificate trust exception for remote page components, only for the primary domain being visited.
To solve this, use something like FireBug to find out which page components are hanging. Visit the relevant domains using your browser, and add a certificate trust exception for each one.
I'm pentesting an non-browser app that checks SSL certificate validity. How do I make it trust the MITMProxy certificate?
Here's a quick and easy procedure you can use for Windows 7, as long as the app in question uses the global Windows certificate repository.
[ req ] prompt = no distinguished_name = req_distinguished_name [ req_distinguished_name ] C = NZ ST = none L = none O = none OU = none CN = target.domain.com emailAddress = none
openssl req -config ./my_bogus_template -x509 -nodes -days 9999 -newkey rsa:1024 -keyout mycert -out mycert cp mycert ~/.mitmproxy/cert.pem